Rusty Russell wrote:
> Unfortunately not. Hardware randomness devices export /dev/hwrng, and it's up
> to userspace to feed that into /dev/random (or not). That's usually done by
> rngd, which at least on my system, assumes 1 bit of entropy per bit of data
> from /dev/hwrng by default.
>
> I was a little surprised that this decision was exported to userspace, but if
> you're not prepared to unconditionally trust hw rngs, it makes sense to palm
> it off.
Yeah, that's a bit of a pity. Hardware RNGs can often generate really
crappy randomness, which needs tons of processing to remove noise like
50/60 Hz hum, etc.
> We could write a boutique device for virtualization which *did* feed
> directly, but that would be a little gauche.
>
Well, yes, we can certainly do any amount of processing we like to the
stuff provided to guests, so that the 1:1 bits/entropy ratio is as true
as we can make it.
J
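The thread's point about rngd's 1 bit of entropy per bit of /dev/hwrng data versus what a poor hardware source actually delivers, as an added example that is not part of the original thread: it estimates min-entropy on a constructed, biased bitstream, compares it with the 1:1 credit, and shows one standard conditioning step (von Neumann debiasing). The source is a seeded PRNG stand-in, not a real device, and the estimator ignores correlations such as mains hum, so it is an optimistic bound.

```python
"""Entropy accounting for a /dev/hwrng-style source (added example, not from the thread)."""
import math
import random
from collections import Counter


def min_entropy_per_bit(bits):
    """Min-entropy per bit from single-bit frequencies: -log2(p_max).
    Ignores correlations between bits, so it is an upper bound, not a proof of quality."""
    p_max = max(Counter(bits).values()) / len(bits)
    return -math.log2(p_max)


def von_neumann_debias(bits):
    """Classic debiasing: take bit pairs, emit the first bit of '01'/'10', drop '00'/'11'.
    Removes a constant bias (at a large throughput cost); it does not fix periodic
    structure such as 50/60 Hz hum, which needs further conditioning."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]


def constructed_hwrng_bits(n, bias=0.8, seed=1):
    """Constructed stand-in for a poor hardware RNG: each bit is 1 with probability `bias`.
    Seeded only so the example is deterministic; this is not a noise source."""
    rng = random.Random(seed)
    return [1 if rng.random() < bias else 0 for _ in range(n)]


def credited_entropy(bits, entropy_per_bit=1.0):
    """Entropy rngd would add to the /dev/random pool under an 'N entropy bits
    per data bit' assumption (the thread's default is 1.0)."""
    return len(bits) * entropy_per_bit


def compare(n=10000, bias=0.8):
    """Return (credited, estimated) entropy in bits for n raw bits from the constructed source,
    plus the min-entropy per bit of the debiased output."""
    raw = constructed_hwrng_bits(n, bias)
    per_bit = min_entropy_per_bit(raw)
    return credited_entropy(raw), n * per_bit, min_entropy_per_bit(von_neumann_debias(raw))


if __name__ == "__main__":
    credited, estimated, debiased_rate = compare()
    print(f"credited {credited:.0f} bits, estimated {estimated:.0f} bits, "
          f"debiased output {debiased_rate:.2f} bits/bit")
```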
_______________________________________________
Virtualization mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/virtualization